NIST SP 800-175B Rev. 1 Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanism
こんにちは、丸山満彦です。
NISTがSP 800-175B Rev. 1 Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanismを公表しましたね。。。
送信中、保管中の sensitive but unclassified digitized information を保護するための連邦政府へのガイダンスで、暗号方式とサービスについて説明しています。。。
● NIST ITL
・[PDF] SP 800-175B Rev. 1 (DOI)
・Other Parts of this Publication: SP 800-175A
-----
Abstract
This document provides guidance to the Federal Government for using cryptography and NIST’s cryptographic standards to protect sensitive but unclassified digitized information during transmission and while in storage. The cryptographic methods and services to be used are discussed.
-----
Table of Contents
1 Introduction
1.1 Overview and Purpose
1.2 Audience
1.3 Scope
1.4 Background
1.5 Terms and Definitions
1.6 Acronyms
1.7 Document Organization
2 Standards and Guidelines
2.1 Benefits of Standards
2.2 Federal Information Processing Standards and Special Publications
2.2.1 The Use of FIPS and SPs
2.2.2 NIST Interagency/Internal Reports
2.2.3 FIPS Waivers
2.3 Other Standards Organizations
2.3.1 American National Standards Institute (ANSI)
2.3.2 Institute of Electrical and Electronics Engineers (IEEE) Standards Association
2.3.3 Internet Engineering Task Force (IETF)
2.3.4 International Organization for Standardization (ISO)
2.3.5 Trusted Computing Group (TCG)
3 Cryptographic Algorithms
3.1 Cryptographic Hash Functions
3.2 Symmetric-Key Algorithms
3.2.1 Block Cipher Algorithms
3.2.2 Hash-based Symmetric-key Algorithms
3.3 Asymmetric-Key Algorithms
3.3.1 Digital Signature Algorithms
3.3.2 Key-Establishment Schemes
3.4 Algorithm Security Strength
3.5 Algorithm Lifetime
4 Cryptographic Services
4.1 Data Confidentiality
4.2 Data Integrity, Identity Authentication, and Source Authentication
4.2.1 Hash Functions
4.2.2 Message Authentication Code Algorithms
4.2.3 Digital Signature Algorithms
4.3 Combining Confidentiality and Authentication in a Block-Cipher Mode of Operation
4.4 Random Bit Generation
4.5 Symmetric vs. Asymmetric Cryptography
5 Key Management
5.1 General Key Management Guidance
5.1.1 Recommendation for Key Management
5.1.2 Security Requirements for Cryptographic Modules
5.1.3 Transitions to New Cryptographic Algorithms and Key Lengths
5.2 Cryptographic Key Management Systems
5.2.1 Key Management Framework
5.2.2 Key Management System Profile
5.2.3 Public Key Infrastructure
5.3 Key Establishment
5.3.1 Key Generation
5.3.2 Key Derivation
5.3.3 Key Agreement
5.3.4 Key Transport/Key Distribution
5.3.5 Key Wrapping
5.3.6 Derivation of a Key from a Password
5.4 Key Management Issues
5.4.1 Manual vs. Automated Key Establishment
5.4.2 Selecting and Operating a CKMS
5.4.3 Storing and Protecting Keys
5.4.4 Cryptoperiods
5.4.5 Use Validated Algorithms and Cryptographic Modules
5.4.6 Control of Keying Material
5.4.7 Compromises
5.4.8 Accountability and Inventory Management
5.4.9 Auditing
6 Other Issues
6.1 Required Security Strength
6.2 Interoperability
6.3 When Algorithms are No Longer Approved
References
NIST Publications
Non-NIST Publications
Appendix A: Revisions
-----
1.1 Overview and Purpose
In today's environment of increasingly open and interconnected systems, networks, and mobile devices, network and data security are essential for the optimal safe use of information technology. Cryptographic techniques should be considered for the protection of data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography is a branch of mathematics that is based on the transformation of data and can be used to provide several security services: confidentiality, identity authentication, data integrity authentication, source authentication, and support for non-repudiation.
- Confidentiality is the property whereby sensitive information is not disclosed to unauthorized entities. A confidentiality service can be provided by a cryptographic process called encryption.
- Data integrity authentication (also called integrity verification) is a service that is used to determine that data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
- Identity authentication is used to provide assurance of the identity of an entity interacting with a system.
- Source authentication is used to provide assurance of the source of information to a receiving entity (i.e., the identity of the source). A special case of source authentication is called non-repudiation, whereby support for assurance of the source of the information is provided to a third party.
This document is one part in a series of documents intended to provide guidance to the Federal Government for using cryptography to protect its sensitive but unclassified digitized information during transmission and while in storage; hereafter, the shortened term “sensitive” will be used to refer to this class of information. Other sectors are invited to use this guidance on a voluntary basis. The following are the initial publications in the Special Publication (SP) 800-175 series. Additional documents may be provided in the future.
- SP 800-175A2 provides guidance on the determination of requirements for using cryptography. It includes the laws and regulations for the protection of the Federal Government’s sensitive information, guidance for the conduct of risk assessments to determine what needs to be protected and how best to protect that information, and a discussion of the required security-related documents (e.g., various policy and practice documents).
- SP 800-175B (this document) discusses the cryptographic methods and services available for the protection of the Federal Government’s sensitive information and provides an overview of NIST’s cryptographic standards.
2 SP 800-175A, Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies.
« Marriott Hotelで最大520万人の顧客データが漏洩したかも・・・またですかって感じですが。。。 | Main | 政府から移動通信事業者等に対する「新型コロナウイルス感染症の感染拡大防止に資する統計データ等の提供に係る要請」 »
Comments